Posts Tagged ‘number’

As Docker containerization is starting to become a standard for installing a brand new servers especially servers who live in Self-Made Clusters based on Orchestration technologites like Kubernetes (k8s) (check out – http://kubernetes.io),

Recently, I've had the task to set-up a Squid Cache (Open Proxy) server on a custom Port number to make it harder for internet open proxy scanners to identify and ship it to a customer.

What is Squid Open Proxy?

An open proxy is a proxy server that is accessible by any Internet user, in other words anyone could access the proxy without any authentication.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP and other protocols.
It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.
Squid has extensive access controls and makes a great server accelerator.
It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

What is Docker?

For those who hear about Docker for a first time, Docker is an open-source software platform to create, deploy and manage virtualized application containers on a common OS such as GNU / Linux or Windows, it has a surrounding ecosystem of tools. Besides its open source version there is also a commercial version of the product by Docker Inc. the original company that developed docker and is today in active help of the project.

Docker components – picture source docker.com

What is Kubernetes?

Kubernetes, in short, is an open source system for managing clusters of containers. To do this, it provides tools for deploying applications, scaling those application as needed, managing changes to existing containerized applications, and helps you optimize the use of the underlying hardware beneath your containers.
Kubernetes is designed to be extensible and fault-tolerant by allowing application components to restart and move across systems as needed.

Kubernetes is itself not a Platform as a Service (PaaS) tool, but it serves as more of a basic framework, allowing users to choose the types of application frameworks, languages, monitoring and logging tools, and other tools of their choice. In this way, Kubernetes can be used as the basis for a complete PaaS to run on top of; this is the architecture chosen by the OpenShift Origin open source project in its latest release.

1. Install Docker Containerization Software Community Edition

Docker containers are similar to virtual machines, except they run as normal processes (containers), that does not use a Hypervisor of Type 1 or Type 2 and consume less resources than VMs and are easier to manage, nomatter what the OS environment is.

Docker uses cgroups and namespace to allow independent containers to run within a single Linux instance.

Docker Architecture – Picture source docker.com

Below docker install instructions are for Debian / Ubuntu Linux, the instructions for RPM package distros Fedora / CentOS / RHEL are very similar except yum or dnf tool is to be used.

a) Uninstall older versions of docker , docker-engine if present

apt-get -y remove docker docker-engine docker.io

! Previously running docker stuff such as Volumes, Images and networks will be preserved in /var/lib/docker/

Previously running docker stuff such as Volumes, Images and networks will be preserved in /var/lib/docker/

2. Build Docker image with Ubuntu Linux OS and Squid inside

To build a docker image all you need to do is have the Dockerfile (which is docker definitions build file), an Official image of Ubuntu Linux OS (that is provided / downloaded from dockerhub repo) and a bunch of docker commands to use apt / apt-get to install the Squid Proxy inside the Docker Virtual Machine Container

In dockerfile it is common to define for use an entrypoint.sh which is file with shell script commands definitions, that gets executed immediately after Docker fetches the OS from its remote repository on top of the newly run OS. It is pretty much like you have configured your own Linux distribution like using Linux from Scratch! to run on a bare-metal (hardware) server and part of the installation OS process you have made the Linux to run a number of scripts or commands during install not part of its regular installation process.

a) Go to https://hub.docker.com/ and create an account for free

The docker account is necessery in order to push the built docker image later on.
Creating the account creates just few minutes time.

b) Create a Dockerfile with definitions for Squid Open Proxy setup

I'll not get into details on the syntax that Dockerfile accepts, as this is well documented on Docker Enterprise Platform official website but in general gettings the basics and starting it is up to a 30 minutes to maximum 1h time.

After playing a bit to achieve the task to have my Linux distribution OS (Ubuntu Xenial) with Squid on installed on top of it with the right configuration of SQUID Cacher to serve as Open Proxy I've ended up with the following Dockerfile.

Apart from that I've used the following entrypoint.sh (which creates and sets necessery caching and logging directories and launches script on container set-up) permissions for SQUID proxy file that is loaded from the Dockerfile on docker image build time.
To have the right SQUID configuration shipped up into the newly built docker container, it is necessery to prepare a template configuration file – which is pretty much a standard squid.conf file with the following SQUID Proxy configuration for Open Proxy

The script uses the docker login command to authenticate non-interactively to https://hub.docker.com
docker build command with properly set DOCKER_ACC (docker account – which is the username of your hub.docker.com account as I've pointed earlier in article), then DOCKER_REPO (docker repository name) – you can get it either from a browser, after you've logged in to dockerhub or assuming you know your username, it should look like:
https://hub.docker.com/u/your-username-name – for example mine is hipod with repository name squid-ubuntu, my squid-ubuntu docker image build is here, you'll also need to provide the password inside the script or if you consider it a security concern, instead type manually from command line docker login and authenticate in advance before running the script, finally the last line docker push pushes to remote docker hub the new build of Ubuntu + SQUID Proxy with a predefined TAG that in my case is latest (as this is my latest build of Squid – if you need a multiple version number of Squid repository just change the tag to the version tag line number.

d) Use the script to build Squid docker image

Next run the script to make and push into docker your new image:

sh build-docker-image.sh

Please consider that in order to work with docker hub push / pull, you will need to have a firewall that allows connection to dockerhub site repo, if for some reason the push / pull fails, check closely your firewall as it is the most likely cause for failure.

3. Run the new docker image to test Squid runs as expected

To make sure the docker image runs properly, you can test it on any machine that has docker.io installed, this is done with a simple cmd:

docker run -d –restart=always -p 3128:3128 hipod/squid-ubuntu:latest

The -d option tells docker to background process /run in detached mode -p option tells docker to expose port (e.g. make NAT with iptables from the docker virtual container with Linux OS + SQUID listening inside the container on port 3128 to the TCP / IP 3128 server port).
You can use iptables to check the created Network Address Translation rules.

–restart=always option sets the docker restart policy (e.g. when the container is terminating it tells the container to restart the container (OS) after exit), there, you can use as a resetart policy (no, on-failure[:max_retries] , unless-stopped)

The task included to deploy two different Open Proxy squid servers on separate ports in order to add them external cluster Ingress load balancing via Amazon AWS, thus I actually used following 2 yaml files.

The service is externally exposed via later configured LoadBalancer to make the 2 squid servers deployed into k8s cluster accessible from the Internet by anyoneone without authorization (as a normal open proxies) via TCP/IP ports 33128 and 33129.

Conclusion

Though it all looks quite simplistic I should say creating the .yaml file took me long. Creating system configuration is not as simple as using the good old .conf files and getting used with the identation takes time.

Now once the LB are configured to play with k8s, you can enjoy the 2 proxy servers. If you need to do some similar task and you don't have to do it for a small fee, contact me.

Thanks to this little forum after a very thoroughful research on the topic howto unlock my ZTE Blade 3
in Russian Google.ru / United Stated Google.US and UK Google.Co.Uk I've figured out a number of ways recommended

I've lost some time watching also few videos illustrating howto unlock the phone for other non MTEL mobile operators with

there are a number of ways and paid software that could do various non-conventional things like unlock the phone for example:GB Key

Here is description of GB Key

You can Call it UNLIMITED – Direct Unlocker, Code Calculator, Code Reader, is fast, easy to use, encrypted, more than 200 models supported and most of it is it's UNLIMITED use. Updates come on regular basis with addition to new models and features.

Supported Models

More than 500 supported models from mobile phones to modems and growing.

Currently supports around 260 MEPs & more than 9500 PRDs (and growing..) .

There is also a number of services online that offer remote paid services to Unlock any smart phone remotely by paying with a card and providing the IMEI.
I guess this services either use Android Emulator with manually setting the respective IMEI of the phone and then uses some software (box) as they call it to generate the code using the respective algorithm. etc.

However as I didn't wanted to spend money on something on such non-sense I digged a little bit more and I found out that according to Bulgarian Legislation encoding a sold mobile phone by the mobile operator is already illegal and all mobile operators in Bulgaria (that used some kind of encoding software to prevent a bought phone from them to be used with another mobile operator should provide openly the mobile phone codes freely).

Just switched on my ZTE Blade 3 phone and inserted the code and got a message it is wrong but immediately I phone able to connect to Telenor (the ex Globul Mobile operator ) Mobile network Voila! 🙂 Hope this helps small article helps someone else too. Enjoy !

Thanks God, we have just completed (6 months) Migration few Tomcat and TomEE application servers for PG / PP and Scorpion instances from old environment to a new one for a customer.

Though the separate instances of the old environment are being migrated, the overall design of the Current Mode of Operations (CMO) as they use to call it in corporate World and the Future Mode of Operations (FMO) has differences.

The each of applications on old environment is configured to run in Tomcat failover cluster (2 tomcats on 2 separate machines with unique IP addresses are running) and Apache Reverse Proxy is being used with BalanceMember apache directive in order to drop requests to Tomcat cluster to Tomcat node1 and node2. On the new environment however by design the Tomcat cluster is removed and the application request has to be served by single Tomcat instance.

The migration completed fine and in the beginning in the first day (day 1) and day 2 since the environment went in Production and went through the so-called "GoLive", as called in Corporate World- which is a meathor for launching the application to be used as a production environment for customer, the customer reported TimeOut issues.

Some of the requests according to their report would took up to 4 minutes to serve, after a bit of investigation we found out, that though the environment was moved to one Tomcat the (number) amount of connections to application of end clients did not change, thus the timeouts were caused by default MaxThreads being reached and, we needed to to obviously raise that number. Here is the old Apache RP config where we had the 2 Tomcats between which the RP was load balancing:

As we needed a work around, we come to conclusion that we just need to increase Timeout on RP first so on Apache Reverse Proxy we placed following httpd.conf Virtualhost ProxyPass (directive) configs :

Even though the developer tried to insist that the problem was in Reverse Proxy timeout config, they were wrong as I checked the RP logs and there was no "maximum connections reached" errors..

As you could guess what left to check was only Tomcat, after quick evaluation of server.xml, it turned out that the MaxThreads directive on old clustered Tomcats was omitted at all, meaning the default MaxThreads Tomcat value of 200 maximum connections were used, however this was not enough as the client was quering the application with about 350 connections / sec.

The solution was of course to raise the Maxthreads to 400 we were pretty lucky that we already had a good dedicated Linux machine where the application was hosted (16GB Ram, 2 CPUs x 2.67 Ghz), thus raising MaxThreads to 400 was not such a big deal.

One note to make here is the debug="9" options to Connector directive was used to increase debug loglevel of Tomcat, and address="" is the local network IP on which Tomcat instance runs. As you see, we choose to use very high connectionTimeouts (because it is crucial, not to cut requests to applications due to timeouts) in case of application slowness.

We also suspected that there are some Oracle (ORA) database queries slowly served on the SQL backend, that might in future cause more app slowness, but this has to be checked seperately further in time as presently we were checking we did not have our Db person present.

It is shocking news for me and probably to many that according to security specialists at National Vulnerability Database, at present moment for year 2014 Windows looks like more secure than both Apple's (iOS and Mac OS X) as well as to Linux.

Windows has been bullied for its bad OS design and easier to breach Security compared to Linux, there was a constant hype also of Mac OS users claiming the invulnerability of their BSD based OS, but it seems security breach statistics given by National Vulnerability Databasesecurity breach evaluation reports tell us security issues for 2014 Windows OSes while compared to other OS vulnerabilities in different operating systems such as Linux.

I will have to disappoint Apple Mac fans but in 2014 Mac OS X was found to be riddled with the greatest number of security problems — 147 in total, including 64 rated as high severity, and 67 as medium.

iOS's security was also ranked poor with 127 vulnerabilities including32 high and 72 with a medium rating.

For comparison the latest Windows 8.1 had only 36 vulnerabilities, and its predecessors — Windows 8 and 7 — both had same number.
In Enterprise World (users) Windows Server 2007 and 2008 both have 38 vulnerabilities. Reported vulnerabilities were mainly of middle and high severity.

Overall statistics also show there has been a huge increase in the number security vulnerabilities in the NVD security reports database.
In 2013 the number of all logged vulnerabilities were 4,794 while this jumped to 7,038 in y. 2014. The good news is lower percentage of all logged in security issues were rated of critical security importance.
It is mostly third party software not part of OS which contain security issues, 83% of all reported vulnerabilities were laying in 3rd party applications, only 13% percantage were OS specific and 4% hardware related.
Though overall statistics shows Microsoft products more secure than Apple Inc. Products and (Open Source) Linux, though still M$ Internet Explorer is the most insecure web browser, for 2014, Internet Explorer had 242 vulnerabilities while Google Chrome had 124 security issues and the most secure browser rated for 2014 is (surprising for me) Mozilla Firefox.
It is important to say such statistics are not completely relevant because, for example you can rarely see a Linux desktop user infected with Malware but almost everyone around using Windows OS is malware infected, same goes for Mac OS users, there are plenty of vulnerabilities for Mac but overall security of Mac OS is better as I haven't still met Mac OS users with Viruses and Spyware but I fixed about (30!!) of Microsoft PCs and notebooks infected with various Viruses and badware throughout 2014. Also it should be considered that many securitty bugs are kept secret and actively exploited for a long time by blackhats like it happened recently with Heartbleed and ShellShock vulnerabilities
For those interested, below is a list of top vulnerable applications for 2014

So far so good this Joomla solved security but just recently I was asked to add a new article the Joomla News section – (the news section is configure to serve as a mini site blog as there are only few articles added every few months). For my surprise all of a sudden the new joomla article text started displaying text and pictures partially. The weirdly looking newly added news looked very much like some kind of template or css problem. I tried debugging the html code but unfortunately my knowledge in CSS is not so much, so as a next step I tried to temper some settings from Joomla Administrator in hope that this would resolve the text which was appearing from article used to be cut even though the text I’ve placed in artcle seemed correctly formatted. I finally pissed off trying to solve the news section layout problem so looked online too see if anyone else didn’t stick out to same error and I stumbled on Joomla’s forum explaining the Category Blog Layout Problem

The solution to the Joomla incomplete text showing in article is – To go to Joomla administrator menus:

1.Menus -> Main Menu -> (Click on Menu Item(s) – Edit Menu Item(s)) button2.Click on News (section)
In Parameters section(on the botton right) of screen you will see #Leading set to some low number for example it will be something like 8 or 9. The whole issue in my case was that I was trying to add more than 8 articles and I had a Leading set to 8 and in order to add more articles and keep proper leading I had to raise it to more. To prevent recent leading errors, I’ve raised the Leading to 100 like shown in below screenshot

After raising to some high number click Apply and you’re done your problem is solved 🙂
For those curious what the above settings from screenshot mean:

# Leading Articles -> This refers to the number of articles that are to be shown to the full width# Intro Articles -> This refers to the number of articles that are not to be shown to full width# Columns -> This refers to the number of columns in which the articles will be shown that are identified as #Intro. If #Intro is zero this setting has no effect# Links -> Number of articles that are to be shown as links. The number of articles should exceed #leading + #Intro

N.B. Solving this issue took me quite a long time and it caused me a lot of attempts to resolve it. I tried creating the article from scratch, making copy from an old article etc. I even messed few of the news articles one time so badly that I had to recreate them from scratch, before doing any changes to obsolete joomlas always make database and file content backup otherwise you will end up like me in situation loosing 10 hours of your time ..

The bitter experiences once again with Joomla convinced me when I have time I have to migrate this Joomla CMS to WordPress. My so far experience with Joomla prooved to me just for one time the time and nerves spend to learn joomla and built a multi-lingual website with it as well as to administer it with joomla obscure and hard to cryptic interfaces and multiple security issues., makes this CMS completely unworthy to study or use, its hardness to upgrade from release to release, besides its much slow and its less plugins if compared to WordPress makes wordpress much better (and easier to build use platform than Joomla).
So if you happen to be in doubt where to use Joomla or a WordPress to build a new company / community website or a blog my humbe advise is – choose WordPress!

Before I explain how I did it I will make a short turn to explain few things about Septuagint, as this is probably interesting stuff, you might not know.

Septuagint (also referred as LXX or the Alexandrian Canon) – Is Translation of the Hebrew Bible and some related text in Koine Greek) by legendary 70 Jewish scholars as early as the 2nd century BC. Just for those interested in Christianity it is curious fact that the number of Old Testament books are different among Protestant, Roman Catholic and Orthodox Christians, whether the number of New Testament books are the same in Catholics, Protestant and Orthodox.

So How Many books are in Roman Catholic, Protestant and Orthodox Old Testament Holy Bible?

The Old Testament in Orthodox Holy Bible version has 50 (where Slavonic versions of the bible include also +2 More which are the Edras books), whetherprotestant Holy Bible includes only 39 books in old testament and Roman Catholics has 46 old testamental books in there bibles. The reason why Protestants choose to have less books (only 39) is some of the books in the Roman Catholic and Orthodox Church are Apocryphal are referred to as the Apocryphal, or Deuterocanonical books this doesn't mean that the extra 8 Books in Orthodox Bibles are not God Inspired, this means, they don't have the historic authenticity as the early Church accepted canonicals.

The Orthodox Church accepted the Septuagint LXX as divinely inspired to be used in Church.

Now back to how I managed to merge (convert) multiple PDF files into single PDF on my Debian Linux home router.

Why Viber?

What makes this nifty app so great is its capability to makefree calls over mobile phones through the InternetViber.Viber saves you a lot of money as calls are handled only through the Internet (you need Wifi on your mobile or Mobile 3G Internet access on phone) and you don't need to pay to your mobile operator 0.10 – 0.15 euro / cents per minute. Besides being Free another advantage of Viber is conversations sound quality which is much better than a regular phone call

Viber doesn't need a special registration, but as (login) identificator uses your mobile phone number – you just need to have a working Mobile operator phone num. Once registered under a number even if you change your mobile sim card to other operator (for example moving from country to country) still the Viber account will continue work. Another good reason to use Viber is it makes possible price free calls between different countries (for example if you travel a lot and you want to regularly speak with your wife) – in my case right now I'm in Bulgaria and my wife is in Belarus, so to save money and keep talking daily we use Viber daily.

What Devices and Operating System Viber Supports and what is Viber advantages / disadvantages ?

Another reason why Viber is so great is its multi-platform support it works on iPhone, Blackberry, Windows Phone, Nokia (Symbian), Windows, Mac OS and even (Korean own OS-ed) Bada devices. Some might argue that Viber is inferior to Skype and interms of Voice and Video quality its better because of its enhanced HD voice enhanced codecs, besides that Viber's video is still in Beta. However Viber has one big advantage it makes easy possible to reach people using just their Mobile Phone numbers where in Skype it takes time and effort to register in Skype install application on your Mobile keep yourself logged in in Skype and have all contacts previously added, all this happens automatically in Viber in time of installation of Viber App on your mobile.

Which Is Cheaper Viber or Skype?

Once installed Viber could integrate itself with rest of your Mobile OS Call Manager and in time of call a friend number you have the opportunity to make it free Viber call. Viber are also selling Viber Credits so if you want to use your Viber Voice Over IP you can call external mobile operator numbers on a very very cheap price. Viber Calls to landline or mobile phones could be up to 400% cheaper than Skype! Whether you own a Smartphone it will be nice to give Viber a try.

Viber – How to make Phone calls between Desktop PC and Smarphone Mobile

One not so standard Viber use is to make Viber calls with no smartphone (at hand) from PC to another Viber equipped Mobile and vice versa.
I needed to make Viber calls from my ZTE Android running mobile to my wife's MacBook Air PC because her mobile is an old Nokia running obscure Symbian version which is not supporting Viber + she doesn't have an Internet access tariff switched on her mobile.

Here is what I had to do to make Phone calls between my Mobile Viber App and my wife's MacbookAir Notebook PC:

BlueStacks App Player is a software designed to enable Android applications to run on Windows PC, Apple Macintosh Computers and Windows tablets. BlueStacks is something like (VMware, Qemu) Virtual Machine which allows you to install and run any Android App on your Desktop PC.
Its curious that app was created by Rosen Sharma in 2008 an ex CTO (Chief Technology Officer) of McAfee

A mobile phone with a working SIM card (Nokia 6310 or any old mobile no need to be a smartphone

BlueStacks is needed in order to emulate a smartphone on your PC, therefore once setupped Bluestacks. Launch it and inside its necessary to login with your Gmail (Google Account) in order to allow access to Google Play Appstore on your PC.
viber with no mobile phone bluestacks

Installing and Verifying Viber

This is the most crucial and tricky part in order to make Viber working on any device you need to receive a special Viber verification code, you need to fill in this code to confirm Viber installation on PC. Here I assume you have BlueStacks running with Viber Application installed.

First will be prompted to Agree with Terms and Conditions and provide Mobile Phone number for verification. Tell the Viber app that you have a smartphone with Viber already when prompted. After receving Viber Verification Code you need to fill in this code into BlueStacks Window (inside Viber should be running), go further to next step and you should be done with Desktop PC Viber number registration.

N.B. ! One brackets to open here is you need to have a working Mobile Phone number where you will receive the verification code as SMS, otherwise you cannot get the verification. On your filled in mobile phone number you will get the verification code as SMS.

Making Viber Calls to (Windows Mac) PC without Smartphone

There is no more further need for BlueStacks so you can uninstall it, however I preferred to keep it as its useful to be able to install Android Applications straight on your Desktop PC. To start using Viber on Desktop, just launch Viber application (not through BlueStacks) but the direct install.

Disk Benchmarking is very useful for people involved in Graphic Design, 3D modelling, system admins and anyone willing to squeeze maximum of his PC hardware.

If you want to do some benchmarking on newly built Windows server targetting Hard Disk performance, just bought a new hard SSD (Solid State Drives) and you want to test how well Hard Drive I/O operations behave or you want to see a regular HDD benchmarking of group of MS Windows PCs and plan hardware optiomization, check out ATTO Disk Benchmark.

So why exactly ATTO Benchmark? – Cause it is one of the best Windows Free Benchmark tools on the internet.

ATTO is a widely-accepted Disk Benchmark freeware utility to help measure storage system performance. ATTO though being freeware is among top tools utilized in industry. It is very useful in comparing different Hard Disk vendors speed, measure Windows storage systems performance with various transfer sizes and test lengths for reads and writes.

SMP systems and multi-tasking OS efficiency can be tested using up to 20 separate threads of execution.

For Console Geeks or Windows server admins there are also some ports of famous *NIX Hard Disk Benchmarking tools:

NTiogen

NTiogen benchmark was written by Symbios Logic, It's Windows NT port of their popular UNIX benchmark IOGEN. NTIOGEN is the parent processes that spawns the specified number of IOGEN processes that actually do the I/O.
The program will display as output the number of processes, the average response time, the number of I/O operations per second, and the number of KBytes per second. You can download mirror copy of Ntiogen here

There are plenty of other GUI and Console HDD Benchmarking Win Tools, i.e.:

IOMeter (ex-developed by Intel and now abandoned available as open source available on SourceForge)

Bench32 – Comprehensive benchmark that measures overall system performance under Windows NT or Windows 95, now obsolete not developed anymore abandoned by producer company.

ThreadMark32 – capable of bench (ex developed and supported by ADAPTEC) but also already unsupported

IOZone – filesystem benchmark tool. The benchmark generates and measures a variety of file operations. Iozone has been ported to many machines and runs under many operating systems.

N! B! Important note to make here is above suggested tools will provide you more realistic results than the proprietary vendor tools shipped by your hardware vendor. Using proprietary software produced by a single vendor makes it impossible to analyze and compare different hardwares, above HDD benchmarking tools are for "open systems", e.g. nomatter what the hardware producer is produced results can be checked against each other.
Another thing to consider is even though if you use any of above tools to test and compare two storage devices still results will be partially imaginary, its always best to conduct tests in Real Working Application Environments. If you're planning to launch a new services structure always test it first and don't rely on preliminary returned soft benchmarks.

if you know some other useful benchmarking software i'm missing please share.

Probably few Bulgarians and even less Russians have heard about Saint Cyprian the Bulgarian – a great saint who played a ey role in esblishment of nowadays Russian Orthodox Church.. I have learned about the living of the saint just recently. Cyprian (The Bulgarian) (c. 1336 – 16 September 1406) was Metropolitan of Kiev and All Rus' with the Metropolitan's residence in Moscow. (The official title was Metropolitan of Kiev and All Rus' until 1448, even though the metropolitans were in Vladimir-on-Kliazma and later Moscow since 1299.)

Saint Cyprian was a Clergyman of Bulgarian nationality, he lived for some time at Mount Athos. In 1373, the Patriarch of Constantinople Philotheus Kokkinos picked him for his devout lifestyle and excellent education and sent him to Lithuania and Muscovy on a mission to reconcile the princes of Lithuania and Tver with Metropolitan Alexius. In 1375, after the hostilities between Moscow and Lithuania had started all over again, the Lithuanian princes asked to appoint Cyprian their Metropolitan. Philotheus Kokkinos made Cyprian Metropolitan of Kiev, all Russia and Lithuania, so that he could unite both ecclesiastical provinces after the death of Alexius. In 1376 he was ordained as a bishop in Constantinople at the behest of the Lithuanian grand duke Algirdas and become Mitropolitan of Kiev. Because this ordination was not recognized by Moscow, he was driven out from Moscow on his first arival there and had to wait in Constantinople until he was officially recognized as Metropolitan. He became officially regognized metropolitan of "all Rus" by the Moscow Duke later in 1389.

His residence from there on was Moscow, although he visited Kiev and other Ukrainian eparchies regularly. In 1378, Metropolitan Alexius died. As a result of the ensuing skirmishes and intrigues, Cyprian became Metropolitan of Moscow in 1381. One year later, however, he fled from Moscow due to the approaching armies of Tokhtamysh. Subsequently, he was removed from Russia and replaced with Metropolitan Pimen (1382–1384). The latter was succeeded by Metropolitan Dionysius (1384–1385). In 1390, Cyprian was returned to Moscow by Vasili II, who he had always supported, and appointed Metropolitan of Moscow and All Russia. Cyprian is remembered as a wise and experienced church administrator who fought for the unity of the Russian church.

In fact, he is mainly responsible for uniting the Church in Russia and the Grand Duchy of Lithuania. He faced serious opposition during his metropolitanate; Dmitry Donskoy and his advisors were excommunicated for opposing Cyprian's efforts to take up his place in Moscow, and Novgorod the Great – especially Archbishops Aleksei and Ioann II – also opposed his efforts to adjudicate ecclesiastical cases there, which would have allowed him to gain the court fees from Novgorod during the time he sat in judgement there. St. Cyprian was an erudite person and oversaw the copying and creation of a number of important works, including the Troitskaia Chronicle (or Troitskaya letopis') and, probably, the Metropolitan Justice (also known as the Pravosudiye metropolich’ye or Правосудие митрополичье). He also rewrote the Life of Metropolitan Peter, originally written around 1327.

Under st. Cyprian's governance, a church "reform" was made on how the iconostasis is build the called "high few raws of icons" on the Church Alter wall iconostasis so common nowadays in Russian Church is actually his invention.
He also corrected biblical books and translated a number of ecclesiastic works from Greek into Old Church Slavic.
A little known fact is Andrei Rublev was under St. Cyprian's spiritual guidance when he painted the most famous Russian icon (and the only canonical icon depicing) "The Holy Trinity".

St. Cyprian is buried in the Assumption Cathedral in the Moscow Kremlin. He was canonized by the Russian Orthodox Church in the 15th century. One curious fact is St. Kiprian Peak on Greenwich Island in the South Shetland Islands, Antarctica is named for Cyprian.

Having a combination of Apache webservice Reverse Proxy to redirect invisibly traffic to a number of Tomcat server positioned in a DMZ is a classic task in big companies Corporate world.
Hence if you work for company like IBM or HP sooner or later you will need to configure Apache Webserver cluster with few running Jakarta Tomcat Application servers behind. Scenario with necessity to access a java based application via Tomcat which requires logging (authentication) relaying on establishing and keeping a session ID is probably one of the most common ones and if you do it for first time you will probably end up with Session ID issues. Session ID issues are hard to capture at first as on first glimpse application will seem to be working but users will have to re-login all the time even though the programmers might have coded for a session to expiry in 30 minutes or so.

… I mean not having configured Session ID prevention to Tomcats will cause random authentication session expiries and users using the Tomcat app will be unable to normally access below application with authenticated credentials. The solution to these is known under term "Sticky sessions"
To configure Sticky sessions you need to already have configured Apache/s with following minimum configuration:

Below example assumes there is Reverse Proxy Load Balancer Apache which has to forward all traffic to 2 tomcats. The config can easily be extended for as many as necessary by adding more BalancerMembers.

In Apache webserver (apache2.conf / httpd.conf) you need to have JSESSIONID configured. These JSESSIONID is going to be appended to each client request from Reverse Proxy to each of Tomcat servers with value opened once on authentication to first Tomcat node to each of the other ones.